Consumer protection bureau chief reportedly dials back Equifax probe

News of the massive breach at Equifax led to a protest organized last year by Consumer Union calling for Equifax to work harder at protecting Americans’ data. AJC File Photo.

News of the massive breach at Equifax led to a protest organized last year by Consumer Union calling for Equifax to work harder at protecting Americans’ data. AJC File Photo.

The newly appointed head of the Consumer Financial Protection Bureau has reportedly steered the agency away from a full investigation of Atlanta-based Equifax for its failure to protect Americans' data.

Mick Mulvaney, named by President Trump in November to lead the bureau, has decided against taking the legal steps needed for an investigation, according to Reuters, which cites three unnamed sources. The Atlanta Journal-Constitution has not been able to independently confirm that assertion.

However, the report drew rapid and angry condemnation from Richard Cordray, the former CFPB director, as well as from Congressional Democrats.

“If this Reuters report’s true, this undermines our work to get to the bottom of this mess & counteracts my efforts to get Equifax standing as tall as possible,” wrote U.S. Rep. David Scott of Atlanta on Twitter. “Americans must regain trust in Equifax & the CFPB choosing not to probe them is irresponsible.”

Reuters also reported that the consumer bureau will put aside plans it had for testing the way that Equifax protects data now.

Americans now have little choice about having their data used by credit agencies, so they need at least the same kind of protections that they have when doing business with banks, said Humayun Zafar, professor of information systems at Kennesaw State University.

“From the consumer point of view, we are pretty much at their mercy,” he said. “The bureau is supposed to protect the interests of regular folks.”

Late Monday, a spokesperson for Equifax released the following statement: “Equifax is cooperating with agencies that are investigating or otherwise seeking information about the cybersecurity incident, including the CFPB.”

The company will not otherwise comment on “an ongoing process,” she said.

The company had announced in September that hackers had filched data on more than 145 million consumers. The revelations led to Congressional hearings and the departure of the company's chief executive and several other top officials.

Lack of a CFPB inquiry does not mean an end to investigations. Many – if not all – of the states have expressed interest in probing the effect of the breach on their residents. The federal retreat does not mean they will follow suit.

For instance, Eric Schneiderman, New York’s attorney general, responded quickly via Twitter that he will not be mimicking the bureau’s decision, which he described as an “unwillingness to protect consumers.”

In a mid-day tweet, Schneiderman said, “We’re continuing to move full steam ahead with our multistate investigation.”

The troubled company has also said that it faces about 240 class action lawsuits.

Moreover, the CFPB was not the only possible federal probe. For example, the Federal Trade Commission is looking into the breach and could impose financial penalties.

In fact, the last time the FTC penalized a major credit bureau it was Equifax, a 2012 settlement for $393,000.

However, the CFPB has been more aggressive in the past, fining Equifax and the other credit bureaus more than $25 million last year for over-marketing its services.

MYAJC.COM: REAL JOURNALISM. REAL LOCAL IMPACT.

AJC Business reporter Michael E. Kanell keeps you updated on the latest news about jobs, housing and consumer issues in metro Atlanta and beyond. You'll find more on myAJC.com, including these stories:

Never miss a minute of what's happening in local business news. Subscribe to myAJC.com.